SINGAPORE – Quantum key distribution (QKD) is designed for secure computer-based interactions, keeping communication between two remote parties confidential by enabling them to construct a shared secret key during the course of their conversation. It may sound secure in principle, but it can involve some loopholes when put into practice.
Now, for the first time, a “perfect eavesdropper” for QKD that exploits a loophole in a typical setup has been created and operated by researchers at the Centre for Quantum Technologies at National University of Singapore, Norwegian University of Science and Technology, and the University Graduate Center in Norway.
The perfect “evil” eavesdropper, Eve. From left to right: a suitcase with blinding lasers and other optical components used to control Bob’s detectors; a digital delay generator; a rubidium clock; a time-stamp unit; and a computer used to record the “secret” key. The yellow fiber optic cable from Alice enters at the left side of the picture, and the fiber optic cable to Bob leaves at the right side. Courtesy of Vadim Makarov.
The eavesdropper enabled researchers to obtain an entire shared secret key without alerting either of the intended parties that there had been a security breach, highlighting the importance of identifying imperfections in QKD implementation as a first step toward solving the problem.
Cryptography has traditionally relied on mathematical conjectures and thus may always be prone to being “cracked” by clever mathematicians with the help of ever-faster computers. Quantum cryptography, however, relies on the laws of physics and should be infinitely more difficult to crack than traditional approaches. Although much has been said about the technological vulnerabilities in quantum cryptography, there have been no successful full field-implemented hacks of QKD security – until now.
In the setup that was tested, researchers at the three institutions demonstrated their eavesdropping attack in realistic conditions over a 290-m fiber link between a transmitter called “Alice” and a receiver called “Bob.” Alice transmitted light to Bob one photon at a time, and the two built up their secret key by measuring properties of the photons. During multiple QKD sessions over the course of a few hours, the perfect eavesdropper “Eve” obtained the same secret key as Bob, while the usual parameters monitored in the QKD exchange were not disturbed – meaning that Eve remained undetected.
“This attack highlights where we need to pay attention to ensure the security of this technology,” said Christian Kurtsiefer, a professor at the Centre for Quantum Technologies at the National University of Singapore.
The researchers circumvented the quantum principles that in theory make QKD so secure by making the photon detectors in Bob behave in a classical way. The detectors were blinded, essentially overriding the system’s ability to detect a breach of security. Furthermore, they used off-the-shelf components.
“We cannot simply delegate the burden of keeping a secret to the laws of quantum physics,” Kurtsiefer said. “We need to carefully investigate the specific devices involved.”
The work was first reported in Nature Communications, and the open publication of how the “perfect eavesdropper” was built has already closed this particular loophole in QKD.